Drift Loses $285 Million in Durable Nonce Social Engineering Attack Linked to DPRK
Solana-based decentralized exchange Drift has confirmed that attackers drained about $285 million from the platform during a security incident that...
Hacking
Category Added in a WPeMatico Campaign
Hackers Exploit CVE-2025-55182 to Breach 766 Next.js Hosts, Steal Credentials
Ravie LakshmananApr 02, 2026Vulnerability / Threat Intelligence A large-scale credential harvesting operation has been observed exploiting the React2Shell vulnerability as an initial infection...
Cisco Patches 9.8 CVSS IMC and SSM Flaws Allowing Remote System Compromise
Ravie LakshmananApr 02, 2026Network Security / Vulnerability Cisco has released updates to address a critical security flaw in the Integrated Management...
ThreatsDay Bulletin: Pre-Auth Chains, Android Rootkits, CloudTrail Evasion & 10 More Stories
Ravie LakshmananApr 02, 2026Cybersecurity / Hacking News The latest ThreatsDay Bulletin is basically a cheat sheet for everything breaking on the...
Researchers Uncover Mining Operation Using ISO Lures to Spread RATs and Crypto Miners
Ravie LakshmananApr 02, 2026Cryptomining / Malware A financially motivated operation codenamed REF1695 has been observed leveraging fake installers to deploy remote access trojans (RATs)...
The State of Trusted Open Source Report
In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer...
WhatsApp Alerts 200 Users After Fake iOS App Installed Spyware; Italian Firm Faces Action
Ravie LakshmananApr 02, 2026Surveillance / Mobile Security Meta-owned messaging platform WhatsApp said it alerted about 200 users who were tricked...
Apple Expands iOS 18.7.7 Update to More Devices to Block DarkSword Exploit
Ravie LakshmananApr 02, 2026Mobile Security / Vulnerability Apple on Wednesday expanded the availability of iOS 18.7.7 and iPadOS 18.7.7 to a broader range of...
CERT-UA Impersonation Campaign Spread AGEWHEEZE Malware to 1 Million Emails
Ravie LakshmananApr 01, 2026Email Security / Artificial Intelligence The Computer Emergency Response Team of Ukraine (CERT-UA) has disclosed details of...
Microsoft Warns of WhatsApp-Delivered VBS Malware Hijacking Windows via UAC Bypass
Ravie LakshmananApr 01, 2026Social Engineering / Malware Microsoft is calling attention to a new campaign that has leveraged WhatsApp messages...
Block the Prompt, Not the Work: The End of “Doctor No”
The Hacker NewsApr 01, 2026Endpoint Security / Data Protection There is a character that keeps appearing in enterprise security departments,...
Casbaneiro Phishing Targets Latin America and Europe Using Dynamic PDF Lures
Ravie LakshmananApr 01, 2026Malware / Windows Security A multi-pronged phishing campaign is targeting Spanish-speaking users in organizations across Latin America...
New Chrome Zero-Day CVE-2026-5281 Under Active Exploitation — Patch Released
Ravie LakshmananApr 01, 2026Vulnerability / Browser Security Google on Thursday released security updates for its Chrome web browser to address...
3 Reasons Attackers Are Using Your Trusted Tools Against You (And Why You Don’t See It Coming)
For years, cybersecurity has followed a familiar model: block malware, stop the attack. Now, attackers are moving on to what’s...
Google Attributes Axios npm Supply Chain Attack to North Korean Group UNC1069
Google has formally attributed the supply chain compromise of the popular Axios npm package to a financially motivated North Korean...
